We are running a wis, with clients connecting to the high site via PPPoE. The problem is that they cannot connect to any secure website, i.e. online banking sites. Everything else is working like a dream.
Our firewall on the high site mangles everything through the firewall, so it's not that. We have V 2.8.91, had 2.8.21, but we thought that it was causing problems.
If the mangle for PPPoE connections is set up the right way and you still have a problem, check out your src-nat rules, if you have any.
I have experienced the same problem when I had src-nat to a range of external IPs.
The solution was to masquerade or src-nat secure web sites to 1 external IP.
Um, I have no src-nat rules set up. Also, it will be difficult to add the IPs of the secure websites, due to the fact that the MikroTik is sitting behind a server. The server is running SUSE 9.1, and we tested the interface through which the high site comes in, and it doesn't block the sites.
Will try that, but it didn't do it before. After I upgraded the hardware and the RouterOS, it started this. So I downgraded again and the problem still persists.
But MSS should be MTU - 40. Usually I set the MTU for PPPoE links to 1480 bytes, MRU also. The dynamic mangle rule (created by choosing change tcp-mss in the ppp profile) sets MSS to 1420, which seems too small, but works for me.
OK, these values are all maxima, so using a smaller one will work, but cost bandwidth.
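
Added example, not part of the thread: a Python illustration of what a change tcp-mss mangle rule does to a TCP SYN crossing the PPPoE link, using the MTU - 40 rule and the 1480-byte MTU mentioned above. The packet, addresses and ports are constructed sample values, and the function names are hypothetical.

```python
import struct

IP_TCP_OVERHEAD = 40  # 20-byte IPv4 header + 20-byte TCP header ("MTU - 40")

def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def find_mss(pkt: bytes):
    """Return (offset, value) of the MSS option in an IPv4 TCP SYN, else None."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 6 or not pkt[ihl + 13] & 0x02:  # not TCP, or SYN flag clear
        return None
    i, end = ihl + 20, ihl + (pkt[ihl + 12] >> 4) * 4
    while i < end and pkt[i] != 0:               # kind 0 = end of option list
        if pkt[i] == 1:                          # kind 1 = one-byte NOP
            i += 1
            continue
        if i + 1 >= end or pkt[i + 1] < 2:       # malformed length: stop
            return None
        if pkt[i] == 2 and pkt[i + 1] == 4:      # kind 2 = MSS
            return i + 2, struct.unpack("!H", pkt[i + 2:i + 4])[0]
        i += pkt[i + 1]
    return None

def clamp_mss(pkt: bytes, link_mtu: int) -> bytes:
    """Lower the SYN's MSS to link_mtu - 40 if it is larger; fix the checksum."""
    found, limit = find_mss(pkt), link_mtu - IP_TCP_OVERHEAD
    if found is None or found[1] <= limit:
        return pkt
    ihl, out = (pkt[0] & 0x0F) * 4, bytearray(pkt)
    out[found[0]:found[0] + 2] = struct.pack("!H", limit)
    out[ihl + 16:ihl + 18] = b"\x00\x00"         # zero checksum before summing
    seg = bytes(out[ihl:])
    pseudo = bytes(out[12:20]) + struct.pack("!BBH", 0, 6, len(seg))
    out[ihl + 16:ihl + 18] = struct.pack("!H", checksum(pseudo + seg))
    return bytes(out)

def build_syn(mss: int) -> bytes:
    """Constructed sample SYN to port 443 (documentation addresses, checksums 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 44, 0, 0x4000, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    tcp = struct.pack("!HHIIBBHHHBBH", 40000, 443, 1, 0, 0x60, 0x02,
                      65535, 0, 0, 2, 4, mss)
    return ip + tcp

if __name__ == "__main__":
    print(find_mss(clamp_mss(build_syn(1460), 1480)))
```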